[Asterisk-Users] * and Cisco routers
brian k. west
brian at bkw.org
Tue May 18 21:56:18 MST 2004
I personally think firewalls are a stopgap measure for the real problem. A
firewall and VPN are not a fool proof method of protection. Fix the real
problem instead of hiding it. I usually dont use a real firewall but ACLs
and other similar methods to lock down where/who can access a box. As for
cisco routers we use ACL's to lock those where the asterisk box is the only
one that can access it.
bkw
> Doug,
>
> I don't believe that it would be a good idea to leave the Asterisk box
> unprotected (without any firewall). This would leave you wide open for
> people to access your internal system through the Asterisk box. We have
> all been participating in a discussion about an article written by the
> ingenious Mr. Jim Louderback, technology writer for Ziff Davis, regarding
> the security risk of IP Telephony. As far as the cost of vpning the
> phones, maybe you could use LinkSys vpn routers ($129.00 / each) and cut
> the cost in half.
> If you didn't want to go the VPN route, you could setup access-list on
> your 3810 to only accept traffic from the known IP addresses of your home
> warriors. This is not the most secure, but it does provide some security
> and would probably block most half hearted attempts from wannabe hackers.
> You could sell your Cisco phones, install X-Lite (free softphone) and
> put the money from the Cisco phones toward vpning your network. There
> are several ways to go, I just wouldn't leave it wide open.
More information about the asterisk-users
mailing list